I'm using the Authorization Code Flow of OpenID Connect technology. My application receives a long authorization code string from authorization server. Authorization server is Azure B2C in my case.
What is the format of this string? Why is it so long? I can't find anything about it in the documentation. Does this string contain any information? Is it encoded/encrypted ? Should application validate it?
The Authorization Code is a string that is opaque to the Client. So you should not care or have any expectations about how it looks. Just treat it as an arbitrary string that you pass on to the Authorization Server with the Token Request, which is perhaps handled by the Client library that you use.